@DavcoreTech Looks like you may be running an older version of pfSense and/or Tailscale. You might want to upgrade to latest version (1.78.1) on all clients, which may resolve some of the connection issues. Although, Netgate has not updated the Tailscale package in some time, you can manually update How to update to the latest Tailscale version? You may also want to upgrade Windows 8.1, which MS officially stopped supporting on January 10, 2023

@chudak Service Status Shows running or not Otherwise no widget avail might blew up the dashboard caused by the amount of possible nodes / clients on a tails scale net (filtering or show only specific clients might do the trick) Might be a cool project for someone Br np

I am having trouble getting this to work. Will this work behind a double NAT? I have pfSense behind another Mikrotik 4G router. I have confirmed too that I can ping the remote host subnet via pfSense directly just not behind the pfSense LAN, So I'm guessing the double NAT is not an issue. Also, for the NAT rule, Would the source be the Source Network of the pfSense LAN, and the destination be the final Destination Network of the other network behind tailscale? Then the NAT Address would be the tailscale IP of the other side network. IE>> pfSense network = 192.168.10.0/24 Remote Network = 192.168.20.0/24 pfSense Tailscale = 100.90.20.10 Remote Tailscale = 100.90.42.2 Would my NAT entry look like this. [image: 1728170754604-bf2e3c74-f2e2-4b0a-afeb-86630f0964bc-image.png] Thanks

@harshness FYI, a tailscale update fixed this for both Pfsense and the Apple TV. All has been working fine for quite some time now.

@mowest Do you have pfSense configured to "accept subnet routes"?

@chickendog I've been looking at this for a while and I believe that is indeed the case. Thanks for confirming.

I too have had this issue today. The ssh session hung at "Stopping Tailscale" I found a "reboot" from shell worked. Has anyone found a fix to stop this?

https://redmine.pfsense.org/issues/15673 Feature Request Is Now Open

@mfld my guess would be you have magicdns enabled https://tailscale.com/kb/1081/magicdns I think they changed that to be default enabled a while back, use to be off by default. So depending on when you created your tailscale account? I do not have enabled.. Makes no sense when you run your own dns.

@ericreiss That's why have I have IPSec as a fail safe backup.

@Swiss-army-knife-of-tech I had this same issue. I ended up solving it by turning on "Strict Interface Binding" on the DNS Forwarder service.

@banosr said in Tailscale site to site, am I missing something?: Thanks for all your help, I finally was able to fixit. My modem was assigning a private address to the wan port, I just needed to unblock private addresses in the wan. Good to hear

OK Craig at Netgate was kind enough to respond directly to me on this. Evidently this is a bug caused by assigning Tailscale to an interface, which seemed to me like a thing that should be done, but is not the case. https://redmine.pfsense.org/issues/14780